SHA256
1
0
forked from pool/qemu

Accepting request 895224 from home:jziviani:branches:Virtualization

- Fix CVE-2021-3527 in usb/redir:
  usb-redir-avoid-dynamic-stack-allocation.patch
- Fix issues found upstream:
  hw-block-nvme-consider-metadata-read-aio.patch
  sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
  vfio-ccw-Permit-missing-IRQs.patch
  vhost-user-blk-Check-that-num-queues-is-.patch
  vhost-user-blk-Don-t-reconnect-during-in.patch
  vhost-user-blk-Fail-gracefully-on-too-la.patch
  vhost-user-blk-Get-more-feature-flags-fr.patch
  vhost-user-blk-Make-sure-to-set-Error-on.patch
  virtio-blk-Fix-rollback-path-in-virtio_b.patch
  virtio-Fail-if-iommu_platform-is-request.patch
  virtiofsd-Fix-side-effect-in-assert.patch
  monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch

OBS-URL: https://build.opensuse.org/request/show/895224
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=650
This commit is contained in:
José Ricardo Ziviani 2021-05-25 03:20:35 +00:00 committed by Git OBS Bridge
parent 7992c7a2d8
commit 8360fa3a32
16 changed files with 987 additions and 7 deletions

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:2c4897a39161af89a93dc5d80baac237a8839cfb246867cf2f440baa42dce9db oid sha256:0300c7a1fdea7e0c7c20b707481ea1894523eee636f7746cc50d5d12425036b2
size 44964 size 58808

View File

@ -0,0 +1,50 @@
From: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Date: Fri, 16 Apr 2021 12:52:33 +0530
Subject: hw/block/nvme: consider metadata read aio return value in compare
Git-commit: b4a983239343efd0a2d8a6cdf0690d0d707ec4ea
Currently in compare command metadata aio read blk_aio_preadv return
value ignored. Consider it and complete the block accounting.
Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Fixes: 0a384f923f51 ("hw/block/nvme: add compare command")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/nvme.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/hw/block/nvme.c b/hw/block/nvme.c
index 5fe082ec34c57471fab0fa7e8a0c..ba90053b63ed4884deb98d62b6d6 100644
--- a/hw/block/nvme.c
+++ b/hw/block/nvme.c
@@ -2369,10 +2369,19 @@ static void nvme_compare_mdata_cb(void *opaque, int ret)
uint32_t reftag = le32_to_cpu(rw->reftag);
struct nvme_compare_ctx *ctx = req->opaque;
g_autofree uint8_t *buf = NULL;
+ BlockBackend *blk = ns->blkconf.blk;
+ BlockAcctCookie *acct = &req->acct;
+ BlockAcctStats *stats = blk_get_stats(blk);
uint16_t status = NVME_SUCCESS;
trace_pci_nvme_compare_mdata_cb(nvme_cid(req));
+ if (ret) {
+ block_acct_failed(stats, acct);
+ nvme_aio_err(req, ret);
+ goto out;
+ }
+
buf = g_malloc(ctx->mdata.iov.size);
status = nvme_bounce_mdata(n, buf, ctx->mdata.iov.size,
@@ -2421,6 +2430,8 @@ static void nvme_compare_mdata_cb(void *opaque, int ret)
goto out;
}
+ block_acct_done(stats, acct);
+
out:
qemu_iovec_destroy(&ctx->data.iov);
g_free(ctx->data.bounce);

View File

@ -0,0 +1,86 @@
From: Stefan Reiter <s.reiter@proxmox.com>
Date: Mon, 22 Mar 2021 16:40:24 +0100
Subject: monitor/qmp: fix race on CHR_EVENT_CLOSED without OOB
Git-commit: a67b996e7894edfafbcd3fd007c9f58f26d25908
The QMP dispatcher coroutine holds the qmp_queue_lock over a yield
point, where it expects to be rescheduled from the main context. If a
CHR_EVENT_CLOSED event is received just then, it can race and block the
main thread on the mutex in monitor_qmp_cleanup_queue_and_resume.
monitor_resume does not need to be called from main context, so we can
call it immediately after popping a request from the queue, which allows
us to drop the qmp_queue_lock mutex before yielding.
Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
Message-Id: <20210322154024.15011-1-s.reiter@proxmox.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
monitor/qmp.c | 40 ++++++++++++++++++++++------------------
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/monitor/qmp.c b/monitor/qmp.c
index 2b0308f93371dde1a8085ac9c402..092c527b6fc9c6363f4bf81d8573 100644
--- a/monitor/qmp.c
+++ b/monitor/qmp.c
@@ -257,24 +257,6 @@ void coroutine_fn monitor_qmp_dispatcher_co(void *data)
trace_monitor_qmp_in_band_dequeue(req_obj,
req_obj->mon->qmp_requests->length);
- if (qatomic_xchg(&qmp_dispatcher_co_busy, true) == true) {
- /*
- * Someone rescheduled us (probably because a new requests
- * came in), but we didn't actually yield. Do that now,
- * only to be immediately reentered and removed from the
- * list of scheduled coroutines.
- */
- qemu_coroutine_yield();
- }
-
- /*
- * Move the coroutine from iohandler_ctx to qemu_aio_context for
- * executing the command handler so that it can make progress if it
- * involves an AIO_WAIT_WHILE().
- */
- aio_co_schedule(qemu_get_aio_context(), qmp_dispatcher_co);
- qemu_coroutine_yield();
-
/*
* @req_obj has a request, we hold req_obj->mon->qmp_queue_lock
*/
@@ -298,8 +280,30 @@ void coroutine_fn monitor_qmp_dispatcher_co(void *data)
monitor_resume(&mon->common);
}
+ /*
+ * Drop the queue mutex now, before yielding, otherwise we might
+ * deadlock if the main thread tries to lock it.
+ */
qemu_mutex_unlock(&mon->qmp_queue_lock);
+ if (qatomic_xchg(&qmp_dispatcher_co_busy, true) == true) {
+ /*
+ * Someone rescheduled us (probably because a new requests
+ * came in), but we didn't actually yield. Do that now,
+ * only to be immediately reentered and removed from the
+ * list of scheduled coroutines.
+ */
+ qemu_coroutine_yield();
+ }
+
+ /*
+ * Move the coroutine from iohandler_ctx to qemu_aio_context for
+ * executing the command handler so that it can make progress if it
+ * involves an AIO_WAIT_WHILE().
+ */
+ aio_co_schedule(qemu_get_aio_context(), qmp_dispatcher_co);
+ qemu_coroutine_yield();
+
/* Process request */
if (req_obj->req) {
if (trace_event_get_state(TRACE_MONITOR_QMP_CMD_IN_BAND)) {

View File

@ -1,3 +1,22 @@
-------------------------------------------------------------------
Mon May 24 23:20:04 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com>
- Fix CVE-2021-3527 in usb/redir:
usb-redir-avoid-dynamic-stack-allocation.patch
- Fix issues found upstream:
hw-block-nvme-consider-metadata-read-aio.patch
sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
vfio-ccw-Permit-missing-IRQs.patch
vhost-user-blk-Check-that-num-queues-is-.patch
vhost-user-blk-Don-t-reconnect-during-in.patch
vhost-user-blk-Fail-gracefully-on-too-la.patch
vhost-user-blk-Get-more-feature-flags-fr.patch
vhost-user-blk-Make-sure-to-set-Error-on.patch
virtio-blk-Fix-rollback-path-in-virtio_b.patch
virtio-Fail-if-iommu_platform-is-request.patch
virtiofsd-Fix-side-effect-in-assert.patch
monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 17 20:34:14 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com> Mon May 17 20:34:14 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com>
@ -8,11 +27,6 @@ Mon May 17 20:34:14 UTC 2021 - José Ricardo Ziviani <jose.ziviani@suse.com>
hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
-------------------------------------------------------------------
Mon May 17 09:30:58 UTC 2021 - Martin Liška <mliska@suse.cz>
- Add fix-brotli-vla-error.patch in order to fix bsc#1181922.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 6 00:33:36 UTC 2021 - Bruce Rogers <brogers@suse.com> Thu May 6 00:33:36 UTC 2021 - Bruce Rogers <brogers@suse.com>

View File

@ -179,6 +179,19 @@ Patch00043: qom-handle-case-of-chardev-spice-module-.patch
Patch00044: doc-add-our-support-doc-to-the-main-proj.patch Patch00044: doc-add-our-support-doc-to-the-main-proj.patch
Patch00045: ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch Patch00045: ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
Patch00046: hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch Patch00046: hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
Patch00047: monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
Patch00048: vhost-user-blk-Fail-gracefully-on-too-la.patch
Patch00049: usb-redir-avoid-dynamic-stack-allocation.patch
Patch00050: virtiofsd-Fix-side-effect-in-assert.patch
Patch00051: sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
Patch00052: virtio-blk-Fix-rollback-path-in-virtio_b.patch
Patch00053: hw-block-nvme-consider-metadata-read-aio.patch
Patch00054: vhost-user-blk-Make-sure-to-set-Error-on.patch
Patch00055: vhost-user-blk-Don-t-reconnect-during-in.patch
Patch00056: vhost-user-blk-Get-more-feature-flags-fr.patch
Patch00057: virtio-Fail-if-iommu_platform-is-request.patch
Patch00058: vhost-user-blk-Check-that-num-queues-is-.patch
Patch00059: vfio-ccw-Permit-missing-IRQs.patch
# Patches applied in roms/seabios/: # Patches applied in roms/seabios/:
Patch01000: seabios-use-python2-explicitly-as-needed.patch Patch01000: seabios-use-python2-explicitly-as-needed.patch
Patch01001: seabios-switch-to-python3-as-needed.patch Patch01001: seabios-switch-to-python3-as-needed.patch
@ -1058,6 +1071,19 @@ This package records qemu testsuite results and represents successful testing.
%endif %endif
%patch00045 -p1 %patch00045 -p1
%patch00046 -p1 %patch00046 -p1
%patch00047 -p1
%patch00048 -p1
%patch00049 -p1
%patch00050 -p1
%patch00051 -p1
%patch00052 -p1
%patch00053 -p1
%patch00054 -p1
%patch00055 -p1
%patch00056 -p1
%patch00057 -p1
%patch00058 -p1
%patch00059 -p1
%patch01000 -p1 %patch01000 -p1
%patch01001 -p1 %patch01001 -p1
%patch01002 -p1 %patch01002 -p1

View File

@ -0,0 +1,97 @@
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 10 Mar 2021 17:30:04 +0000
Subject: sockets: update SOCKET_ADDRESS_TYPE_FD listen(2) backlog
Git-commit: 37179e9ea45d6428b29ae789209c119ac18c1d39
socket_get_fd() fails with the error "socket_get_fd: too many
connections" if the given listen backlog value is not 1.
Not all callers set the backlog to 1. For example, commit
582d4210eb2f2ab5baac328fe4b479cd86da1647 ("qemu-nbd: Use SOMAXCONN for
socket listen() backlog") uses SOMAXCONN. This will always fail with in
socket_get_fd().
This patch calls listen(2) on the fd to update the backlog value. The
socket may already be in the listen state. I have tested that this works
on Linux 5.10 and macOS Catalina.
As a bonus this allows us to detect when the fd cannot listen. Now we'll
be able to catch unbound or connected fds in socket_listen().
Drop the num argument from socket_get_fd() since this function is also
called by socket_connect() where a listen backlog value does not make
sense.
Fixes: e5b6353cf25c99c3f08bf51e29933352f7140e8f ("socket: Add backlog parameter to socket_listen")
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Cc: Juan Quintela <quintela@redhat.com>
Cc: Eric Blake <eblake@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210310173004.420190-1-stefanha@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
util/qemu-sockets.c | 29 ++++++++++++++++++++++-------
1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 8af0278f15c69fea136192e91650..2463c49773eae5ccac4c6c832c76 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -1116,14 +1116,10 @@ fail:
return NULL;
}
-static int socket_get_fd(const char *fdstr, int num, Error **errp)
+static int socket_get_fd(const char *fdstr, Error **errp)
{
Monitor *cur_mon = monitor_cur();
int fd;
- if (num != 1) {
- error_setg_errno(errp, EINVAL, "socket_get_fd: too many connections");
- return -1;
- }
if (cur_mon) {
fd = monitor_get_fd(cur_mon, fdstr, errp);
if (fd < 0) {
@@ -1159,7 +1155,7 @@ int socket_connect(SocketAddress *addr, Error **errp)
break;
case SOCKET_ADDRESS_TYPE_FD:
- fd = socket_get_fd(addr->u.fd.str, 1, errp);
+ fd = socket_get_fd(addr->u.fd.str, errp);
break;
case SOCKET_ADDRESS_TYPE_VSOCK:
@@ -1187,7 +1183,26 @@ int socket_listen(SocketAddress *addr, int num, Error **errp)
break;
case SOCKET_ADDRESS_TYPE_FD:
- fd = socket_get_fd(addr->u.fd.str, num, errp);
+ fd = socket_get_fd(addr->u.fd.str, errp);
+ if (fd < 0) {
+ return -1;
+ }
+
+ /*
+ * If the socket is not yet in the listen state, then transition it to
+ * the listen state now.
+ *
+ * If it's already listening then this updates the backlog value as
+ * requested.
+ *
+ * If this socket cannot listen because it's already in another state
+ * (e.g. unbound or connected) then we'll catch the error here.
+ */
+ if (listen(fd, num) != 0) {
+ error_setg_errno(errp, errno, "Failed to listen on fd socket");
+ closesocket(fd);
+ return -1;
+ }
break;
case SOCKET_ADDRESS_TYPE_VSOCK:

View File

@ -0,0 +1,53 @@
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 3 May 2021 15:29:12 +0200
Subject: usb/redir: avoid dynamic stack allocation (CVE-2021-3527)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
References: CVE-2021-3527
Use autofree heap allocation instead.
Fixes: 4f4321c11ff ("usb: use iovecs in USBPacket")
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210503132915.2335822-3-kraxel@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/usb/redirect.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 17f06f34179a257e3fd2b354164e..6a75b0dc4ab295a70b4c507c9821 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -620,7 +620,7 @@ static void usbredir_handle_iso_data(USBRedirDevice *dev, USBPacket *p,
.endpoint = ep,
.length = p->iov.size
};
- uint8_t buf[p->iov.size];
+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
/* No id, we look at the ep when receiving a status back */
usb_packet_copy(p, buf, p->iov.size);
usbredirparser_send_iso_packet(dev->parser, 0, &iso_packet,
@@ -818,7 +818,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice *dev, USBPacket *p,
usbredirparser_send_bulk_packet(dev->parser, p->id,
&bulk_packet, NULL, 0);
} else {
- uint8_t buf[size];
+ g_autofree uint8_t *buf = g_malloc(size);
usb_packet_copy(p, buf, size);
usbredir_log_data(dev, "bulk data out:", buf, size);
usbredirparser_send_bulk_packet(dev->parser, p->id,
@@ -923,7 +923,7 @@ static void usbredir_handle_interrupt_out_data(USBRedirDevice *dev,
USBPacket *p, uint8_t ep)
{
struct usb_redir_interrupt_packet_header interrupt_packet;
- uint8_t buf[p->iov.size];
+ g_autofree uint8_t *buf = g_malloc(p->iov.size);
DPRINTF("interrupt-out ep %02X len %zd id %"PRIu64"\n", ep,
p->iov.size, p->id);

View File

@ -0,0 +1,71 @@
From: Eric Farman <farman@linux.ibm.com>
Date: Wed, 21 Apr 2021 17:20:53 +0200
Subject: vfio-ccw: Permit missing IRQs
Git-commit: 6178d4689a1e6a0d2b6dea1dad990e74148fa9d1
Commit 690e29b91102 ("vfio-ccw: Refactor ccw irq handler") changed
one of the checks for the IRQ notifier registration from saying
"the host needs to recognize the only IRQ that exists" to saying
"the host needs to recognize ANY IRQ that exists."
And this worked fine, because the subsequent change to support the
CRW IRQ notifier doesn't get into this code when running on an older
kernel, thanks to a guard by a capability region. The later addition
of the REQ(uest) IRQ by commit b2f96f9e4f5f ("vfio-ccw: Connect the
device request notifier") broke this assumption because there is no
matching capability region. Thus, running new QEMU on an older
kernel fails with:
vfio: unexpected number of irqs 2
Let's adapt the message here so that there's a better clue of what
IRQ is missing.
Furthermore, let's make the REQ(uest) IRQ not fail when attempting
to register it, to permit running vfio-ccw on a newer QEMU with an
older kernel.
Fixes: b2f96f9e4f5f ("vfio-ccw: Connect the device request notifier")
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20210421152053.2379873-1-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/vfio/ccw.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index b2df708e4b0192cc6af898edeca4..400bc07fe260837953de87d0f272 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -412,8 +412,8 @@ static void vfio_ccw_register_irq_notifier(VFIOCCWDevice *vcdev,
}
if (vdev->num_irqs < irq + 1) {
- error_setg(errp, "vfio: unexpected number of irqs %u",
- vdev->num_irqs);
+ error_setg(errp, "vfio: IRQ %u not available (number of irqs %u)",
+ irq, vdev->num_irqs);
return;
}
@@ -696,13 +696,15 @@ static void vfio_ccw_realize(DeviceState *dev, Error **errp)
vfio_ccw_register_irq_notifier(vcdev, VFIO_CCW_REQ_IRQ_INDEX, &err);
if (err) {
- goto out_req_notifier_err;
+ /*
+ * Report this error, but do not make it a failing condition.
+ * Lack of this IRQ in the host does not prevent normal operation.
+ */
+ error_report_err(err);
}
return;
-out_req_notifier_err:
- vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_CRW_IRQ_INDEX);
out_crw_notifier_err:
vfio_ccw_unregister_irq_notifier(vcdev, VFIO_CCW_IO_IRQ_INDEX);
out_io_notifier_err:

View File

@ -0,0 +1,74 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:16 +0200
Subject: vhost-user-blk: Check that num-queues is supported by backend
Git-commit: c90bd505a3e8210c23d69fecab9ee6f56ec4a161
Creating a device with a number of queues that isn't supported by the
backend is pointless, the device won't work properly and the error
messages are rather confusing.
Just fail to create the device if num-queues is higher than what the
backend supports.
Since the relationship between num-queues and the number of virtqueues
depends on the specific device, this is an additional value that needs
to be initialised by the device. For convenience, allow leaving it 0 if
the check should be skipped. This makes sense for vhost-user-net where
separate vhost devices are used for the queues and custom initialisation
code is needed to perform the check.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935031
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210429171316.162022-7-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 1 +
hw/virtio/vhost-user.c | 5 +++++
include/hw/virtio/vhost.h | 2 ++
3 files changed, 8 insertions(+)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 738e8498b4a1d650047f7190c435..ceb6bdde71e57640677a48425148 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -324,6 +324,7 @@ static int vhost_user_blk_connect(DeviceState *dev)
}
s->connected = true;
+ s->dev.num_queues = s->num_queues;
s->dev.nvqs = s->num_queues;
s->dev.vqs = s->vhost_vqs;
s->dev.vq_index = 0;
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index ded0c10453095830e24b6e53e8f8..ee57abe04526f6c55d983cb0254c 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -1909,6 +1909,11 @@ static int vhost_user_backend_init(struct vhost_dev *dev, void *opaque)
return err;
}
}
+ if (dev->num_queues && dev->max_queues < dev->num_queues) {
+ error_report("The maximum number of queues supported by the "
+ "backend is %" PRIu64, dev->max_queues);
+ return -EINVAL;
+ }
if (virtio_has_feature(features, VIRTIO_F_IOMMU_PLATFORM) &&
!(virtio_has_feature(dev->protocol_features,
diff --git a/include/hw/virtio/vhost.h b/include/hw/virtio/vhost.h
index 4a8bc75415f6bba597c195e10a47..21a9a52088dd01838099046587fd 100644
--- a/include/hw/virtio/vhost.h
+++ b/include/hw/virtio/vhost.h
@@ -74,6 +74,8 @@ struct vhost_dev {
int nvqs;
/* the first virtqueue which would be used by this vhost dev */
int vq_index;
+ /* if non-zero, minimum required value for max_queues */
+ int num_queues;
uint64_t features;
uint64_t acked_features;
uint64_t backend_features;

View File

@ -0,0 +1,171 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:12 +0200
Subject: vhost-user-blk: Don't reconnect during initialisation
Git-commit: dabefdd6abcbc7d858e9413e4734aab2e0b5c8d9
This is a partial revert of commits 77542d43149 and bc79c87bcde.
Usually, an error during initialisation means that the configuration was
wrong. Reconnecting won't make the error go away, but just turn the
error condition into an endless loop. Avoid this and return errors
again.
Additionally, calling vhost_user_blk_disconnect() from the chardev event
handler could result in use-after-free because none of the
initialisation code expects that the device could just go away in the
middle. So removing the call fixes crashes in several places.
For example, using a num-queues setting that is incompatible with the
backend would result in a crash like this (dereferencing dev->opaque,
which is already NULL):
#0 0x0000555555d0a4bd in vhost_user_read_cb (source=0x5555568f4690, condition=(G_IO_IN | G_IO_HUP), opaque=0x7fffffffcbf0) at ../hw/virtio/vhost-user.c:313
#1 0x0000555555d950d3 in qio_channel_fd_source_dispatch (source=0x555557c3f750, callback=0x555555d0a478 <vhost_user_read_cb>, user_data=0x7fffffffcbf0) at ../io/channel-watch.c:84
#2 0x00007ffff7b32a9f in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#3 0x00007ffff7b84a98 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0
#4 0x00007ffff7b32163 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#5 0x0000555555d0a724 in vhost_user_read (dev=0x555557bc62f8, msg=0x7fffffffcc50) at ../hw/virtio/vhost-user.c:402
#6 0x0000555555d0ee6b in vhost_user_get_config (dev=0x555557bc62f8, config=0x555557bc62ac "", config_len=60) at ../hw/virtio/vhost-user.c:2133
#7 0x0000555555d56d46 in vhost_dev_get_config (hdev=0x555557bc62f8, config=0x555557bc62ac "", config_len=60) at ../hw/virtio/vhost.c:1566
#8 0x0000555555cdd150 in vhost_user_blk_device_realize (dev=0x555557bc60b0, errp=0x7fffffffcf90) at ../hw/block/vhost-user-blk.c:510
#9 0x0000555555d08f6d in virtio_device_realize (dev=0x555557bc60b0, errp=0x7fffffffcff0) at ../hw/virtio/virtio.c:3660
Note that this removes the ability to reconnect during initialisation
(but not during operation) when there is no permanent error, but the
backend restarts, as the implementation was buggy. This feature can be
added back in a follow-up series after changing error paths to
distinguish cases where retrying could help from cases with permanent
errors.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210429171316.162022-3-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 59 +++++++++++----------------------------
1 file changed, 17 insertions(+), 42 deletions(-)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 7c85248a7b78b9d9ec8614a3b5fe..c0b9958da1b4e155e063fb3426d0 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -50,6 +50,8 @@ static const int user_feature_bits[] = {
VHOST_INVALID_FEATURE_BIT
};
+static void vhost_user_blk_event(void *opaque, QEMUChrEvent event);
+
static void vhost_user_blk_update_config(VirtIODevice *vdev, uint8_t *config)
{
VHostUserBlk *s = VHOST_USER_BLK(vdev);
@@ -362,19 +364,6 @@ static void vhost_user_blk_disconnect(DeviceState *dev)
vhost_dev_cleanup(&s->dev);
}
-static void vhost_user_blk_event(void *opaque, QEMUChrEvent event,
- bool realized);
-
-static void vhost_user_blk_event_realize(void *opaque, QEMUChrEvent event)
-{
- vhost_user_blk_event(opaque, event, false);
-}
-
-static void vhost_user_blk_event_oper(void *opaque, QEMUChrEvent event)
-{
- vhost_user_blk_event(opaque, event, true);
-}
-
static void vhost_user_blk_chr_closed_bh(void *opaque)
{
DeviceState *dev = opaque;
@@ -382,12 +371,11 @@ static void vhost_user_blk_chr_closed_bh(void *opaque)
VHostUserBlk *s = VHOST_USER_BLK(vdev);
vhost_user_blk_disconnect(dev);
- qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL,
- vhost_user_blk_event_oper, NULL, opaque, NULL, true);
+ qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL, vhost_user_blk_event,
+ NULL, opaque, NULL, true);
}
-static void vhost_user_blk_event(void *opaque, QEMUChrEvent event,
- bool realized)
+static void vhost_user_blk_event(void *opaque, QEMUChrEvent event)
{
DeviceState *dev = opaque;
VirtIODevice *vdev = VIRTIO_DEVICE(dev);
@@ -401,17 +389,7 @@ static void vhost_user_blk_event(void *opaque, QEMUChrEvent event,
}
break;
case CHR_EVENT_CLOSED:
- /*
- * Closing the connection should happen differently on device
- * initialization and operation stages.
- * On initalization, we want to re-start vhost_dev initialization
- * from the very beginning right away when the connection is closed,
- * so we clean up vhost_dev on each connection closing.
- * On operation, we want to postpone vhost_dev cleanup to let the
- * other code perform its own cleanup sequence using vhost_dev data
- * (e.g. vhost_dev_set_log).
- */
- if (realized && !runstate_check(RUN_STATE_SHUTDOWN)) {
+ if (!runstate_check(RUN_STATE_SHUTDOWN)) {
/*
* A close event may happen during a read/write, but vhost
* code assumes the vhost_dev remains setup, so delay the
@@ -431,8 +409,6 @@ static void vhost_user_blk_event(void *opaque, QEMUChrEvent event,
* knowing its type (in this case vhost-user).
*/
s->dev.started = false;
- } else {
- vhost_user_blk_disconnect(dev);
}
break;
case CHR_EVENT_BREAK:
@@ -489,33 +465,32 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
s->vhost_vqs = g_new0(struct vhost_virtqueue, s->num_queues);
s->connected = false;
- qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL,
- vhost_user_blk_event_realize, NULL, (void *)dev,
- NULL, true);
-
-reconnect:
if (qemu_chr_fe_wait_connected(&s->chardev, errp) < 0) {
goto virtio_err;
}
- /* check whether vhost_user_blk_connect() failed or not */
- if (!s->connected) {
- goto reconnect;
+ if (vhost_user_blk_connect(dev) < 0) {
+ error_setg(errp, "vhost-user-blk: could not connect");
+ qemu_chr_fe_disconnect(&s->chardev);
+ goto virtio_err;
}
+ assert(s->connected);
ret = vhost_dev_get_config(&s->dev, (uint8_t *)&s->blkcfg,
sizeof(struct virtio_blk_config));
if (ret < 0) {
- error_report("vhost-user-blk: get block config failed");
- goto reconnect;
+ error_setg(errp, "vhost-user-blk: get block config failed");
+ goto vhost_err;
}
- /* we're fully initialized, now we can operate, so change the handler */
+ /* we're fully initialized, now we can operate, so add the handler */
qemu_chr_fe_set_handlers(&s->chardev, NULL, NULL,
- vhost_user_blk_event_oper, NULL, (void *)dev,
+ vhost_user_blk_event, NULL, (void *)dev,
NULL, true);
return;
+vhost_err:
+ vhost_dev_cleanup(&s->dev);
virtio_err:
g_free(s->vhost_vqs);
s->vhost_vqs = NULL;

View File

@ -0,0 +1,47 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Tue, 13 Apr 2021 18:56:54 +0200
Subject: vhost-user-blk: Fail gracefully on too large queue size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 68bf7336533faa6aa90fdd4558edddbf5d8ef814
virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
vhost_user_blk_device_realize() should check this before calling it.
Simple reproducer:
qemu-system-x86_64 \
-chardev null,id=foo \
-device vhost-user-blk-pci,queue-size=4096,chardev=foo
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210413165654.50810-1-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 0b5b9d44cdb0ed4d4a43974e7cdd..f5e9682703f3433c4b363003f90f 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -467,6 +467,11 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
error_setg(errp, "vhost-user-blk: queue size must be non-zero");
return;
}
+ if (s->queue_size > VIRTQUEUE_MAX_SIZE) {
+ error_setg(errp, "vhost-user-blk: queue size must not exceed %d",
+ VIRTQUEUE_MAX_SIZE);
+ return;
+ }
if (!vhost_user_init(&s->vhost_user, &s->chardev, errp)) {
return;

View File

@ -0,0 +1,35 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:14 +0200
Subject: vhost-user-blk: Get more feature flags from vhost device
Git-commit: 7556a320c98812ca6648b707393f4513387faf73
VIRTIO_F_RING_PACKED and VIRTIO_F_IOMMU_PLATFORM need to be supported by
the vhost device, otherwise advertising it to the guest doesn't result
in a working configuration. They are currently not supported by the
vhost-user-blk export in QEMU.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935020
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210429171316.162022-5-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index c0b9958da1b4e155e063fb3426d0..738e8498b4a1d650047f7190c435 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -47,6 +47,8 @@ static const int user_feature_bits[] = {
VIRTIO_RING_F_INDIRECT_DESC,
VIRTIO_RING_F_EVENT_IDX,
VIRTIO_F_NOTIFY_ON_EMPTY,
+ VIRTIO_F_RING_PACKED,
+ VIRTIO_F_IOMMU_PLATFORM,
VHOST_INVALID_FEATURE_BIT
};

View File

@ -0,0 +1,44 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:11 +0200
Subject: vhost-user-blk: Make sure to set Error on realize failure
Git-commit: f26729715ef21325f972f693607580a829ad1cbb
We have to set errp before jumping to virtio_err, otherwise the caller
(virtio_device_realize()) will take this as success and crash when it
later tries to access things that we've already freed in the error path.
Fixes: 77542d431491788d1e8e79d93ce10172ef207775
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210429171316.162022-2-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Acked-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/vhost-user-blk.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index f5e9682703f3433c4b363003f90f..7c85248a7b78b9d9ec8614a3b5fe 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -447,7 +447,6 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
{
VirtIODevice *vdev = VIRTIO_DEVICE(dev);
VHostUserBlk *s = VHOST_USER_BLK(vdev);
- Error *err = NULL;
int i, ret;
if (!s->chardev.chr) {
@@ -495,8 +494,7 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
NULL, true);
reconnect:
- if (qemu_chr_fe_wait_connected(&s->chardev, &err) < 0) {
- error_report_err(err);
+ if (qemu_chr_fe_wait_connected(&s->chardev, errp) < 0) {
goto virtio_err;
}

View File

@ -0,0 +1,44 @@
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 29 Apr 2021 19:13:15 +0200
Subject: virtio: Fail if iommu_platform is requested, but unsupported
Git-commit: 04ceb61a4075fadbf374ef89662c41999da83489
Commit 2943b53f6 (' virtio: force VIRTIO_F_IOMMU_PLATFORM') made sure
that vhost can't just reject VIRTIO_F_IOMMU_PLATFORM when it was
requested. However, just adding it back to the negotiated flags isn't
right either because it promises support to the guest that the device
actually doesn't support. One example of a vhost-user device that
doesn't have support for the flag is the vhost-user-blk export of QEMU.
Instead of successfully creating a device that doesn't work, just fail
to plug the device when it doesn't support the feature, but it was
requested. This results in much clearer error messages.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935019
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210429171316.162022-6-kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/virtio/virtio-bus.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
index d6332d45c3b201d6528d84306da9..859978d24877a04ed5eaa03d060d 100644
--- a/hw/virtio/virtio-bus.c
+++ b/hw/virtio/virtio-bus.c
@@ -69,6 +69,11 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
return;
}
+ if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
+ error_setg(errp, "iommu_platform=true is not supported by the device");
+ return;
+ }
+
if (klass->device_plugged != NULL) {
klass->device_plugged(qbus->parent, &local_err);
}

View File

@ -0,0 +1,68 @@
From: Greg Kurz <groug@kaod.org>
Date: Wed, 7 Apr 2021 16:34:58 +0200
Subject: virtio-blk: Fix rollback path in virtio_blk_data_plane_start()
Git-commit: 570fe439e5d1b8626cf344c6bc97d90cfcaf0c79
When dataplane multiqueue support was added in QEMU 2.7, the path
that would rollback guest notifiers assignment in case of error
simply got dropped.
Later on, when Error was added to blk_set_aio_context() in QEMU 4.1,
another error path was introduced, but it ommits to rollback both
host and guest notifiers.
It seems cleaner to fix the rollback path in one go. The patch is
simple enough that it can be adjusted if backported to a pre-4.1
QEMU.
Fixes: 51b04ac5c6a6 ("virtio-blk: dataplane multiqueue support")
Cc: stefanha@redhat.com
Fixes: 97896a4887a0 ("block: Add Error to blk_set_aio_context()")
Cc: kwolf@redhat.com
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210407143501.244343-2-groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
hw/block/dataplane/virtio-blk.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index e9050c8987e7d4c8496135dd87ea..d7b5c95d26d9ec818118513b40c3 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -207,7 +207,7 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
}
- goto fail_guest_notifiers;
+ goto fail_host_notifiers;
}
}
@@ -221,7 +221,7 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
aio_context_release(old_context);
if (r < 0) {
error_report_err(local_err);
- goto fail_guest_notifiers;
+ goto fail_aio_context;
}
/* Process queued requests before the ones in vring */
@@ -245,6 +245,13 @@ int virtio_blk_data_plane_start(VirtIODevice *vdev)
aio_context_release(s->ctx);
return 0;
+ fail_aio_context:
+ for (i = 0; i < nvqs; i++) {
+ virtio_bus_set_host_notifier(VIRTIO_BUS(qbus), i, false);
+ virtio_bus_cleanup_host_notifier(VIRTIO_BUS(qbus), i);
+ }
+ fail_host_notifiers:
+ k->set_guest_notifiers(qbus->parent, nvqs, false);
fail_guest_notifiers:
/*
* If we failed to set up the guest notifiers queued requests will be

View File

@ -0,0 +1,100 @@
From: Greg Kurz <groug@kaod.org>
Date: Fri, 9 Apr 2021 12:06:27 +0200
Subject: virtiofsd: Fix side-effect in assert()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: 0adb3aff3932d05b069bd2cb13480f1611cce654
It is bad practice to put an expression with a side-effect in
assert() because the side-effect won't happen if the code is
compiled with -DNDEBUG.
Use an intermediate variable. Consolidate this in an macro to
have proper line numbers when the assertion is hit.
virtiofsd: ../../tools/virtiofsd/passthrough_ll.c:2797: lo_getxattr:
Assertion `fchdir_res == 0' failed.
Aborted
2796 /* fchdir should not fail here */
=>2797 FCHDIR_NOFAIL(lo->proc_self_fd);
2798 ret = getxattr(procname, name, value, size);
2799 FCHDIR_NOFAIL(lo->root.fd);
Fixes: bdfd66788349 ("virtiofsd: Fix xattr operations")
Cc: misono.tomohiro@jp.fujitsu.com
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210409100627.451573-1-groug@kaod.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jose R. Ziviani <jziviani@suse.de>
---
tools/virtiofsd/passthrough_ll.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 1553d2ef454f55a3103b452841d5..6592f96f685e52fecf5703739e7d 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2723,6 +2723,11 @@ static int xattr_map_server(const struct lo_data *lo, const char *server_name,
return -ENODATA;
}
+#define FCHDIR_NOFAIL(fd) do { \
+ int fchdir_res = fchdir(fd); \
+ assert(fchdir_res == 0); \
+ } while (0)
+
static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
size_t size)
{
@@ -2789,9 +2794,9 @@ static void lo_getxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
ret = fgetxattr(fd, name, value, size);
} else {
/* fchdir should not fail here */
- assert(fchdir(lo->proc_self_fd) == 0);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
ret = getxattr(procname, name, value, size);
- assert(fchdir(lo->root.fd) == 0);
+ FCHDIR_NOFAIL(lo->root.fd);
}
if (ret == -1) {
@@ -2864,9 +2869,9 @@ static void lo_listxattr(fuse_req_t req, fuse_ino_t ino, size_t size)
ret = flistxattr(fd, value, size);
} else {
/* fchdir should not fail here */
- assert(fchdir(lo->proc_self_fd) == 0);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
ret = listxattr(procname, value, size);
- assert(fchdir(lo->root.fd) == 0);
+ FCHDIR_NOFAIL(lo->root.fd);
}
if (ret == -1) {
@@ -3000,9 +3005,9 @@ static void lo_setxattr(fuse_req_t req, fuse_ino_t ino, const char *in_name,
ret = fsetxattr(fd, name, value, size, flags);
} else {
/* fchdir should not fail here */
- assert(fchdir(lo->proc_self_fd) == 0);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
ret = setxattr(procname, name, value, size, flags);
- assert(fchdir(lo->root.fd) == 0);
+ FCHDIR_NOFAIL(lo->root.fd);
}
saverr = ret == -1 ? errno : 0;
@@ -3066,9 +3071,9 @@ static void lo_removexattr(fuse_req_t req, fuse_ino_t ino, const char *in_name)
ret = fremovexattr(fd, name);
} else {
/* fchdir should not fail here */
- assert(fchdir(lo->proc_self_fd) == 0);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
ret = removexattr(procname, name);
- assert(fchdir(lo->root.fd) == 0);
+ FCHDIR_NOFAIL(lo->root.fd);
}
saverr = ret == -1 ? errno : 0;